TayOnTech

79.8K posts

@TayOnTech

Lead Detection Engineer cybersecurity 👨🏾‍💻 || career advice 🔌 || finance💰

MS 🛩 DTX Joined October 2010
756 Following 42.2K Followers
Pinned Tweet
TayOnTech
TayOnTech@TayOnTech·
Okay, so I created an AI Agent w/ the help of @claudeai that can perform a full loop purple team engagement. I primarily built this b/c I've been doing a lot of architectural work in the cloud, identifying systematic gaps and building strategies to close them, whether it's implementing a preventative control or a detective control. That focus led me to do a ton of "threat hunting" and auditing to identify problems. That's where this agent comes in.
Making Money Matt
Making Money Matt@MartEnterprises·
@TayOnTech That’ll work. I ordered a Mac mini for the trading desk I’m setting up
TayOnTech
TayOnTech@TayOnTech·
Debating if I want to build a server for local AI development or buy a mini PC dedicated to AI development
TayOnTech
TayOnTech@TayOnTech·
@rubbabandbam That's actually what I was looking at, the Minisforum MS-S1 Max. Based on the money I'll spend on RAM alone, it makes sense to use this and I can run Proxmox no problem
The Computer Boss
The Computer Boss@rubbabandbam·
@TayOnTech Mini PCs can be limiting in the long term; the more custom the build, the longer your runway. I'm going Minisforum MS-01 but they've got options with larger profile PCI-e space
TayOnTech retweeted
Keith
Keith@gnukeith·
Just so I understand what is going on, this would be giving the agents access to passwords? Is that not a security concern..? Like every integration thingy becomes an attack vendor, no? Am I overthinking this?
1Password@1Password

Today we’re introducing 1Password® Unified Access. As AI agents start operating inside real production environments, organizations need visibility into how credentials and access are actually used. Unified Access helps security teams discover, secure, and audit access across humans, machines, and AI agents. 🔗 More here: bit.ly/4dq2pjO

TayOnTech retweeted
Pranit
Pranit@Pranit·
Anthropic just pulled the oldest trick in SaaS pricing. I pay $200/mo for Claude Max. My limits have been noticeably worse this past week. Now they announce 2x off-peak usage for two weeks. Sounds generous. But here’s what actually happens: limits quietly drop, a temporary 2x makes the reduced limit feel normal, the promo ends, and you’re left at a baseline lower than where you started. You just didn’t notice the downgrade because the 2x absorbed the transition. These AI plans are massively subsidized. The raw compute behind a heavy user costs multiples of the subscription price. Every move like this is the subsidy quietly correcting. Very sneaky, Anthropic.
Claude@claudeai

A small thank you to everyone using Claude: We’re doubling usage outside our peak hours for the next two weeks.

TayOnTech
TayOnTech@TayOnTech·
I wanted to share how SCOPE has been helping lately. It usually takes me days, in some cases weeks, to fully audit an AWS account, and that's with using CSPM tools and cloud scanning tools to fully understand attack paths. Those tools are great at telling you what's misconfigured, but they stop there. They don't tell you how that misconfiguration gets exploited. They don't show you that the overprivileged Lambda function can assume a role that trusts every principal in the account, which chains into a privilege escalation path that reaches production data. They don't connect the dots across IAM, S3, Lambda, EC2, KMS, and Secrets Manager into actual attack chains. And they definitely do not generate controls scoped to your specific account structure or detections mapped to the exact techniques an attacker would use. One command and 12 autonomous agents enumerate your entire AWS environment in parallel, reason about how misconfigurations chain together into attack paths, then generate defensive controls and detections to mitigate the risk. No generic best practice recommendations. Controls based on your account, your roles, your trust relationships, and the SCPs you already have in place. SCOPE also identifies the attack paths, then lets you threat hunt for evidence of those exact paths being exploited using Splunk's MCP server. Audit, exploit, defend, investigate. Full loop. GitHub Repo: github.com/tayontech/SCOPE
TayOnTech
TayOnTech@TayOnTech·
& another thing @OpenAI can we please get hooks for codex. This is ridiculous.
TayOnTech
TayOnTech@TayOnTech·
It actually gave me a pretty complex detection that I would deploy to an environment. I think I was so used to how good Claude Code reasoning is, but I changed my mind about Gemini. It's not THAT bad when you configure it properly. I still prefer Claude though, but let's see how Codex is after tuning it.
TayOnTech
TayOnTech@TayOnTech·
For the last two days I've been fine tuning SCOPE, so that it's AI agnostic. I think I might have been a little harsh on Gemini, b/c now the results are a looooooot better and it's faster than Claude and Codex. I had to enforce a lot of things with hooks though, but it's 100% a lot better. Even the detection suggestions are a lot better.
TayOnTech
TayOnTech@TayOnTech·
but that's the issue, you have to give it step by step directions, unlike Codex and Claude which can pretty much interpret your intentions. I'm having to force a data normalization schema and hella hooks because Gemini reasoning sucks, but it's also a learning lesson too b/c it shows how, no matter how detailed you think your prompts are, you still need to enforce some things to make sure it stays on track
TayOnTech
TayOnTech@TayOnTech·
@LawrenceDCodes yup, I set it to use AGENTS.MD b/c I also use Codex and would rather just share that all together, but here's the MD that I have pushed. It's a bit more in depth now; I'm fine tuning some things: github.com/tayontech/SCOP…
TayOnTech
TayOnTech@TayOnTech·
So I'm debugging a few bugs, you literally have to prompt Gemini to do EVERYTHING. Compared to Claude, it's like Gemini doesn't have any common sense. You have to give step by step directions whereas Claude just does it.